From ccb5938adba3718ba1091e3d50fad3d345fb00a4 Mon Sep 17 00:00:00 2001 From: Michael Grafnetter Date: Thu, 23 May 2019 11:05:47 +0200 Subject: [PATCH] Resolved #85: Chocolatey package has wrong PowerShell dependency --- Documentation/CHANGELOG.md | 7 ++++++ .../Chocolatey/dsinternals-psmodule.nuspec | 23 +++++++++++-------- .../Chocolatey/tools/chocolateyinstall.ps1 | 10 +++++++- 3 files changed, 29 insertions(+), 11 deletions(-) diff --git a/Documentation/CHANGELOG.md b/Documentation/CHANGELOG.md index fed1185..28b5cef 100644 --- a/Documentation/CHANGELOG.md +++ b/Documentation/CHANGELOG.md @@ -1,6 +1,13 @@ # Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## 3.5.1 - 2019-05-23 + +This is a [Chocolatey](https://chocolatey.org/packages/dsinternals-psmodule)-only release. + +### Fixed +- Temporarily removed the package dependency on PowerShell 3, which caused some [issues](https://github.com/MichaelGrafnetter/DSInternals/issues/85). Will be resolved in a future release. + ## [3.5] - 2019-05-10 ### Added diff --git a/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec b/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec index f5599de..dba4f8c 100644 --- a/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec +++ b/Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec @@ -3,7 +3,7 @@ DSInternals-PSModule - 3.5 + 3.5.1 https://github.com/MichaelGrafnetter/DSInternals/tree/master/Src/DSInternals.PowerShell/Chocolatey MichaelGrafnetter DSInternals PowerShell Module @@ -19,17 +19,20 @@ admin dsinternals powershell activedirectory ad security ntds passwords dpapi lsa sam audit The DSInternals PowerShell Module exposes several internal features of Active Directory. These include offline ntds.dit file manipulation, password auditing, DC recovery from IFM backups and password hash calculation. The DSInternals PowerShell Module has these main features: -* [Active Directory password auditing](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Test-PasswordQuality.md#test-passwordquality) that discovers accounts sharing the same passwords or having passwords in a public database like [HaveIBeenPwned](https://haveibeenpwned.com) or in a custom dictionary. -* [Bare-metal recovery of domain controllers](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md#new-addbrestorefrommediascript) from just IFM backups (ntds.dit + SYSVOL). -* Offline ntds.dit file manipulation, including [hash dumping](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBAccount.md#get-addbaccount), [password resets](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPassword.md#set-addbaccountpassword), [group membership changes](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBPrimaryGroup.md#set-addbprimarygroup), [SID History injection](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Add-ADDBSidHistory.md#add-addbsidhistory) and [enabling](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Enable-ADDBAccount.md#enable-addbaccount)/[disabling](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Disable-ADDBAccount.md#disable-addbaccount) accounts. -* [Online password hash dumping](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplAccount.md#get-adreplaccount) through the Directory Replication Service (DRS) Remote Protocol (MS-DRSR). This feature is commonly called DCSync. -* [Domain or local account password hash injection](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-SamAccountPasswordHash.md#set-samaccountpasswordhash) through the Security Account Manager (SAM) Remote Protocol (MS-SAMR) or [directly into the database](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPasswordHash.md#set-addbaccountpasswordhash). -* [LSA Policy modification](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-LsaPolicyInformation.md#set-lsapolicyinformation) through the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD / LSARPC). -* [Extracting credential roaming data](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Save-DPAPIBlob.md#save-dpapiblob) and DPAPI domain backup keys, either online through [directory replication](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplBackupKey.md#get-adreplbackupkey), [LSARPC](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-LsaBackupKey.md#get-lsabackupkey) and [offline from ntds.dit](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBBackupKey.md#get-addbbackupkey). + +* [Active Directory password auditing](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Test-PasswordQuality.md) that discovers accounts sharing the same passwords or having passwords in a public database like [HaveIBeenPwned](https://haveibeenpwned.com) or in a custom dictionary. +* [Bare-metal recovery of domain controllers](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md) from just IFM backups (ntds.dit + SYSVOL). +* Offline ntds.dit file manipulation, including [hash dumping](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBAccount.md), [password resets](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPassword.md), [group membership changes](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBPrimaryGroup.md), [SID History injection](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Add-ADDBSidHistory.md) and [enabling](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Enable-ADDBAccount.md)/[disabling](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Disable-ADDBAccount.md) accounts. +* [Online password hash dumping](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplAccount.md) through the Directory Replication Service (DRS) Remote Protocol (MS-DRSR). This feature is commonly called DCSync. +* [Domain or local account password hash injection](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-SamAccountPasswordHash.md) through the Security Account Manager (SAM) Remote Protocol (MS-SAMR) or [directly into the database](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-ADDBAccountPasswordHash.md). +* [LSA Policy modification](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Set-LsaPolicyInformation.md) through the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD / LSARPC). +* [Extracting credential roaming data](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Save-DPAPIBlob.md) and DPAPI domain backup keys, either online through [directory replication](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADReplBackupKey.md), [LSARPC](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-LsaBackupKey.md) and [offline from ntds.dit](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBBackupKey.md). * Password hash calculation, including [NT hash](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-NTHash.md), [LM hash](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-LMHash.md) and [kerberos keys](https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/ConvertTo-KerberosKey.md). ## Installation Notes -The module will be installed to the *$PSHome\Modules* directory. This is to avoid conflicts with the *PowerShell Gallery* and still support module autoloading. + +* The module will be installed to the *$PSHome\Modules* directory. This is to avoid conflicts with the *PowerShell Gallery* and still support module autoloading. +* On Windows 7 and Windows Server 2008 R2, PowerShell has to be [upgraded](https://chocolatey.org/packages/PowerShell) first. ## Disclaimer Features exposed through these tools are not supported by Microsoft. Improper use might cause irreversible damage to domain controllers or negatively impact domain security. @@ -39,7 +42,7 @@ Features exposed through these tools are not supported by Microsoft. Improper us - + diff --git a/Src/DSInternals.PowerShell/Chocolatey/tools/chocolateyinstall.ps1 b/Src/DSInternals.PowerShell/Chocolatey/tools/chocolateyinstall.ps1 index eb98fd5..1580cf8 100644 --- a/Src/DSInternals.PowerShell/Chocolatey/tools/chocolateyinstall.ps1 +++ b/Src/DSInternals.PowerShell/Chocolatey/tools/chocolateyinstall.ps1 @@ -1,4 +1,12 @@ -$ErrorActionPreference = 'Stop' +Set-StrictMode -Version 'Latest' +$ErrorActionPreference = 'Stop' + +# Check PowerShell Version +# Note: The #requires statement is not used in order to provide a custom message. +if ($PSVersionTable.PSVersion -lt [Version]'3.0') +{ + throw 'The minimum required version of PowerShell is 3. Please upgrade by running the "choco install powershell" command first.' +} # Copy Files $toolsDir = Split-Path -Parent ($MyInvocation.MyCommand.Definition)